F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
372
Figure 270 Change login password
280BSSL VPN configuration example in the Web interface
The following matrix shows the configuration example and hardware compatibility:
Hardware Exam
p
le a
pp
licable
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 No
Firewall module No
U200-A Yes
U200-S Yes
577BNetwork requirements
As shown in 1007HFigure 271, request a certificate and enable SSL VPN service on the SSL VPN gateway so
that users can use HTTPS to log in to the SSL VPN gateway to access the internal resources of the
corporate network.
In this configuration example:
• The Certificate Authority (CA) runs the Windows Server and the Simple Certificate Enrollment
Protocol (SCEP) plugin is required on the CA.
• The IP address of the SSL VPN gateway is 10.1.1.1/24. The IP address of the CA is 10.2.1.1/24, and
the name of the CA is CA server. The CA is used to issue certificates to the SSL VPN gateway and
remote users.
• Perform RADIUS authentication for SSL VPN users. The IP address of the RADIUS server (an IMC
server) is 10.153.10.131/24. After passing authentication, an SSL VPN user can access the internal
technology website whose IP address is 10.153.1.223, all hosts on subnet 10.153.2.0/24, and the
security sever whose IP address is 10.153.2.25 through the FTP shortcut.
• Configure a public account named usera. Specify that only one user can use the public account to
log in at a time. Configure local authentication for the public account and authorize a user who logs
in by using the public account to access the shared desktop provided by internal host
10.153.70.120.
• Specify the default authentication method as RADIUS for the SSL VPN domain and enable
verification code authentication.